{"id":"https://openalex.org/W7141242808","doi":"https://doi.org/10.1016/j.iot.2026.101932","title":"Autonomous pentesting using artificial intelligence: from the cybersecurity point-of-view","display_name":"Autonomous pentesting using artificial intelligence: from the cybersecurity point-of-view","publication_year":2026,"publication_date":"2026-03-27","ids":{"openalex":"https://openalex.org/W7141242808","doi":"https://doi.org/10.1016/j.iot.2026.101932"},"language":"en","primary_location":{"id":"doi:10.1016/j.iot.2026.101932","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.iot.2026.101932","pdf_url":null,"source":{"id":"https://openalex.org/S4210174276","display_name":"Internet of Things","issn_l":"2542-6605","issn":["2542-6605","2543-1536"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Internet of Things","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1016/j.iot.2026.101932","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5081907512","display_name":"Rui Fernandes","orcid":"https://orcid.org/0009-0002-1365-0208"},"institutions":[{"id":"https://openalex.org/I185808892","display_name":"Polytechnic Institute of C\u00e1vado and Ave","ror":"https://ror.org/0448qsq10","country_code":"PT","type":"education","lineage":["https://openalex.org/I185808892"]},{"id":"https://openalex.org/I4210100923","display_name":"Munster Technological University","ror":"https://ror.org/013xpqh61","country_code":"IE","type":"facility","lineage":["https://openalex.org/I4210100923"]}],"countries":["IE","PT"],"is_corresponding":true,"raw_author_name":"Rui Fernandes","raw_affiliation_strings":["2Ai - School of Technology, IPCA, Barcelos, Portugal","LASI - Associate Laboratory of Intelligent Systems, Guimar\u00e3es, Portugal","TUS - Technological University of the Shannon, Limerick, Ireland"],"raw_orcid":"https://orcid.org/0009-0002-1365-0208","affiliations":[{"raw_affiliation_string":"2Ai - School of Technology, IPCA, Barcelos, Portugal","institution_ids":["https://openalex.org/I185808892"]},{"raw_affiliation_string":"LASI - Associate Laboratory of Intelligent Systems, Guimar\u00e3es, Portugal","institution_ids":[]},{"raw_affiliation_string":"TUS - Technological University of the Shannon, Limerick, Ireland","institution_ids":["https://openalex.org/I4210100923"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044299019","display_name":"Nuno Lopes","orcid":"https://orcid.org/0000-0001-8897-5061"},"institutions":[{"id":"https://openalex.org/I185808892","display_name":"Polytechnic Institute of C\u00e1vado and Ave","ror":"https://ror.org/0448qsq10","country_code":"PT","type":"education","lineage":["https://openalex.org/I185808892"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Nuno Lopes","raw_affiliation_strings":["2Ai - School of Technology, IPCA, Barcelos, Portugal","LASI - Associate Laboratory of Intelligent Systems, Guimar\u00e3es, Portugal"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"2Ai - School of Technology, IPCA, Barcelos, Portugal","institution_ids":["https://openalex.org/I185808892"]},{"raw_affiliation_string":"LASI - Associate Laboratory of Intelligent Systems, Guimar\u00e3es, Portugal","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5122951737","display_name":"Joaquim Gon\u00e7alves","orcid":null},"institutions":[{"id":"https://openalex.org/I185808892","display_name":"Polytechnic Institute of C\u00e1vado and Ave","ror":"https://ror.org/0448qsq10","country_code":"PT","type":"education","lineage":["https://openalex.org/I185808892"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Joaquim Gon\u00e7alves","raw_affiliation_strings":["2Ai - School of Technology, IPCA, Barcelos, Portugal","LASI - Associate Laboratory of Intelligent Systems, Guimar\u00e3es, Portugal"],"raw_orcid":"https://orcid.org/0000-0003-2219-1816","affiliations":[{"raw_affiliation_string":"2Ai - School of Technology, IPCA, Barcelos, Portugal","institution_ids":["https://openalex.org/I185808892"]},{"raw_affiliation_string":"LASI - Associate Laboratory of Intelligent Systems, Guimar\u00e3es, Portugal","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5029347093","display_name":"John Cosgrove","orcid":"https://orcid.org/0000-0003-2931-5420"},"institutions":[{"id":"https://openalex.org/I4210100923","display_name":"Munster Technological University","ror":"https://ror.org/013xpqh61","country_code":"IE","type":"facility","lineage":["https://openalex.org/I4210100923"]}],"countries":["IE"],"is_corresponding":false,"raw_author_name":"John Cosgrove","raw_affiliation_strings":["TUS - Technological University of the Shannon, Limerick, Ireland"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"TUS - Technological University of the Shannon, Limerick, Ireland","institution_ids":["https://openalex.org/I4210100923"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5081907512"],"corresponding_institution_ids":["https://openalex.org/I185808892","https://openalex.org/I4210100923"],"apc_list":{"value":2010,"currency":"USD","value_usd":2010},"apc_paid":{"value":2010,"currency":"USD","value_usd":2010},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.71572711,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"37","issue":null,"first_page":"101932","last_page":"101932"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.2152000069618225,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.2152000069618225,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.19990000128746033,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.15479999780654907,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/emulation","display_name":"Emulation","score":0.6759999990463257},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.6639000177383423},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5842999815940857},{"id":"https://openalex.org/keywords/offensive","display_name":"Offensive","score":0.42489999532699585},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.41029998660087585},{"id":"https://openalex.org/keywords/transferability","display_name":"Transferability","score":0.3677999973297119},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.3587000072002411}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7332000136375427},{"id":"https://openalex.org/C149810388","wikidata":"https://www.wikidata.org/wiki/Q5374873","display_name":"Emulation","level":2,"score":0.6759999990463257},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.6639000177383423},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5842999815940857},{"id":"https://openalex.org/C176856949","wikidata":"https://www.wikidata.org/wiki/Q2001676","display_name":"Offensive","level":2,"score":0.42489999532699585},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.41029998660087585},{"id":"https://openalex.org/C61272859","wikidata":"https://www.wikidata.org/wiki/Q7834031","display_name":"Transferability","level":3,"score":0.3677999973297119},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.3587000072002411},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.3440000116825104},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3434999883174896},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.3206999897956848},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.30480000376701355},{"id":"https://openalex.org/C20136886","wikidata":"https://www.wikidata.org/wiki/Q749647","display_name":"Interoperability","level":2,"score":0.2987000048160553},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.2854999899864197},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.27900001406669617},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.2759999930858612},{"id":"https://openalex.org/C13687954","wikidata":"https://www.wikidata.org/wiki/Q4826847","display_name":"Autonomous agent","level":2,"score":0.2669999897480011},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.25369998812675476}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1016/j.iot.2026.101932","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.iot.2026.101932","pdf_url":null,"source":{"id":"https://openalex.org/S4210174276","display_name":"Internet of Things","issn_l":"2542-6605","issn":["2542-6605","2543-1536"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Internet of Things","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1016/j.iot.2026.101932","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.iot.2026.101932","pdf_url":null,"source":{"id":"https://openalex.org/S4210174276","display_name":"Internet of Things","issn_l":"2542-6605","issn":["2542-6605","2543-1536"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Internet of Things","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320334779","display_name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","ror":"https://ror.org/00snfqn58"},{"id":"https://openalex.org/F4320335322","display_name":"European Regional Development Fund","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W2033742178","https://openalex.org/W2145339207","https://openalex.org/W2917355511","https://openalex.org/W2980390258","https://openalex.org/W2985543011","https://openalex.org/W3176850402","https://openalex.org/W4308154132","https://openalex.org/W4323317130","https://openalex.org/W4383899643","https://openalex.org/W4403118443","https://openalex.org/W4405336535","https://openalex.org/W4407163436","https://openalex.org/W4409230931"],"related_works":[],"abstract_inverted_index":{"\u2022":[0,16,29,43,58],"Comparative":[1],"analysis":[2],"of":[3,19,31,125],"traditional":[4],"and":[5,23,40,52,67,107,116,145,177,186,194,197],"AI-driven":[6],"penetration":[7],"testing":[8],"tools":[9,36],"aligned":[10],"with":[11,94],"the":[12,122,180,189,200],"MITRE":[13,136,191],"ATT&CK":[14,137,192],"framework.":[15],"In-depth":[17],"evaluation":[18],"reinforcement":[20],"learning-based":[21],"simulators":[22],"emulators":[24],"for":[25,45,82,162],"autonomous":[26,70,83],"cybersecurity":[27],"testing.":[28],"Identification":[30],"limitations":[32,131],"in":[33,54,103,132,172],"current":[34,98],"RL":[35,99,127],"regarding":[37],"emulation,":[38],"scalability,":[39,108,144],"real-world":[41,117],"applicability.":[42,118],"Proposal":[44],"hybrid":[46],"simulation-emulation":[47],"environments":[48,100,157],"to":[49,88],"improve":[50],"realism":[51],"transferability":[53],"training":[55],"AI":[56],"agents.":[57],"Novel":[59],"architecture":[60],"insights":[61],"from":[62],"recent":[63],"platforms":[64],"like":[65],"Cyberwheel":[66,178],"PenGym,":[68],"advancing":[69],"pentesting":[71],"research.":[72],"Reinforcement":[73],"Learning":[74],"(RL)":[75],"is":[76,150],"emerging":[77],"as":[78],"a":[79,110,151],"key":[80],"approach":[81],"Penetration":[84],"Testing,":[85],"enabling":[86],"agents":[87],"learn":[89],"offensive":[90],"actions":[91],"through":[92,203],"interaction":[93],"simulated":[95],"networks.":[96],"However,":[97],"differ":[101],"widely":[102],"realism,":[104],"attack":[105],"coverage,":[106,138],"creating":[109],"significant":[111],"gap":[112],"between":[113],"experimental":[114],"performance":[115],"This":[119],"work":[120],"evaluates":[121],"internal":[123],"design":[124],"state-of-the-art":[126],"Pentesting":[128],"simulators,":[129],"identifying":[130],"their":[133],"action":[134],"models,":[135],"emulation":[139],"support,":[140],"reward":[141],"mechanisms,":[142],"network":[143],"environment":[146,182],"fidelity.":[147],"Our":[148],"contribution":[149],"technical":[152],"comparison":[153],"that":[154,168],"isolates":[155],"which":[156],"best":[158,201],"support":[159],"each":[160],"feature":[161],"practical":[163],"Autonomous":[164],"Pentesting.":[165],"Results":[166],"show":[167],"no":[169],"simulator":[170],"leads":[171],"all":[173],"area.":[174],"NASimEmu,":[175],"Caldera,":[176,184],"provide":[179],"highest":[181],"fidelity;":[183],"Cyberwheel,":[185],"CybORG":[187],"offer":[188],"broadest":[190],"coverage;":[193],"NASim,":[195],"MulVAL,":[196],"CyberBattleSim":[198],"achieve":[199],"scalability":[202],"lightweight":[204],"graph-based":[205],"designs.":[206]},"counts_by_year":[],"updated_date":"2026-04-03T16:38:21.277918","created_date":"2026-03-28T00:00:00"}